AppSAT: Approximately deobfuscating integrated circuits

Abstract

In today's diversified semiconductor supply-chain, protecting intellectual property (IP) and maintaining manufacturing integrity are important concerns. Circuit obfuscation techniques such as logic encryption and IC camouflaging can potentially defend against a majority of supply-chain threats such as stealthy malicious design modification, IP theft, overproduction, and cloning. Recently, a Boolean Satisfiability (SAT) based attack, namely the SAT attack has been able to deobfuscate almost all traditional circuit obfuscation schemes, and as a result, a number of defense solutions have been proposed in literature. All these defenses are based on the implicit assumption that the attacker needs a perfect deobfuscation accuracy which may not be true in many practical cases. Therefore, in this paper by relaxing the exactness constraint on deobfuscation, we propose the AppSAT attack, an approximate deobfuscation algorithm based on the SAT attack and random testing. We show how the AppSAT attack can deobfuscate 68 out of the 71 benchmark circuits that were obfuscated with state-of-the-art SAT attack defenses with an accuracy of, n being the number of inputs. AppSAT shows that with current SAT attack defenses there will be a trade-off between exact-attack resiliency and approximation resiliency.